The DeployStack Satellite uses Pino logger with Fastify for high-performance, structured logging. This guide covers everything you need to know about configuring and using log levels effectively in the satellite service.
Overview
The Satellite logging system is identical to the backend implementation, built on industry best practices:
- Pino Logger: Ultra-fast JSON logger for Node.js
- Fastify Integration: Native logging support with request correlation
- Environment-based Configuration: Automatic log level adjustment based on NODE_ENV
- Structured Logging: JSON output for production, pretty-printed for development
Available Log Levels
Log levels are ordered by severity (lowest to highest):
| Level | Numeric Value | Description | When to Use |
|---|
trace | 10 | Very detailed debugging | MCP server process tracing, detailed communication flows |
debug | 20 | Debugging information | Development debugging, MCP server lifecycle events |
info | 30 | General information | Satellite startup, team operations, successful MCP calls |
warn | 40 | Warning messages | Resource limits approached, MCP server restarts |
error | 50 | Error conditions | MCP server failures, team isolation violations |
fatal | 60 | Fatal errors | Satellite crashes, critical system failures |
Configuration
Environment Variables
Set the log level using the LOG_LEVEL environment variable in your .env file:
Default Behavior
The logger automatically adjusts based on your environment:
Default Levels:
- Development:
debug (shows debug, info, warn, error, fatal)
- Production:
info (shows info, warn, error, fatal)
Satellite-Specific Logging Patterns
MCP Server Management
Team Isolation Operations
Backend Communication
HTTP Proxy Operations
Logger Parameter Injection Pattern
The Satellite follows the same logger injection pattern as the backend:
β
DO: Pass Logger as Parameter to Services
β
DO: Use Child Loggers for Persistent Context
Satellite-Specific Context Objects
Always include relevant context that helps identify satellite operations:
Best Practices for Satellite Context Objects:
- Always include
satelliteId: Identifies which satellite instance
- Include
teamId for team-specific operations
- Add
operation: Consistent field describing the operation
- Include
serverId for MCP server operations
- Add performance metrics: Duration, resource usage, counts
- Use consistent naming: camelCase and standard field names
Secret Masking in Logs
The satellite automatically protects sensitive credentials in log output through selective secret masking. This prevents API keys, tokens, and passwords from appearing in plain text in log files or monitoring systems.
How Secret Masking Works
Automatic Detection:
- Backend sends metadata with MCP server configurations identifying which fields are secrets
- Satellite receives
secret_metadata with lists of secret query parameters, headers, and environment variables
- Masking utilities automatically apply to fields marked as secrets
Masking Pattern:
- First 3 characters remain visible followed by
***** (e.g., sk_abc123xyz789 becomes sk_*****)
- Values shorter than 3 characters are fully masked as
***
- Non-secret values remain fully visible for debugging
Using the Log Masker Utility
The log masking utilities are located in src/utils/log-masker.ts and provide three functions for masking different configuration types:
Best Practices for Secret Protection
β
DO: Use Masking Functions for URLs with Credentials
β
DO: Mask Headers Containing Authentication
β DONβT: Log Raw Credentials
Implementation Locations
Secret masking is implemented in these satellite components:
- Dynamic Config Manager (
src/services/dynamic-config-manager.ts) - 5 locations where MCP server URLs are logged
- Command Processor (
src/services/command-processor.ts) - MCP server spawn and configuration logging
- HTTP Proxy Manager (
src/process/http-proxy-manager.ts) - HTTP/SSE transport logging
- MCP Server Wrapper (
src/core/mcp-server-wrapper.ts) - Server connection and lifecycle logging
- Remote Tool Discovery (
src/services/remote-tool-discovery-manager.ts) - Tool discovery from HTTP servers
Debugging with Masked Logs
When troubleshooting authentication issues:
- Partial visibility helps identify credentials: First 3 characters show which credential was used
- Compare prefixes: Verify the correct API key/token is being applied
- Check non-secret params: Regular parameters remain visible for debugging
- Use secret metadata: Confirm which fields are marked as secrets in configuration
Example masked log output:
Environment-Specific Configuration
Development Environment
Features:
- Pretty-printed, colorized output
- Shows debug and trace information
- Includes timestamps and context
- Easier to read during development
Production Environment
Features:
- Structured JSON output
- Optimized for log aggregation
- Excludes debug information
- Better performance
Testing Environment
Features:
- Minimal log output during tests
- Only shows errors and fatal messages
- Reduces test noise
Common Satellite Logging Patterns
Satellite Lifecycle
MCP Server Operations
Team Management
Troubleshooting
Debug Mode Not Working
If debug logs arenβt showing:
- Check LOG_LEVEL: Ensure itβs set to
debug or trace in .env
- Check NODE_ENV: Development mode enables debug by default
- Restart Satellite: Environment changes require restart
If logging is impacting satellite performance:
- Increase Log Level: Use
info or warn in production
- Remove Excessive Debug Logs: Clean up verbose debug statements
- Use Async Logging: Pino handles this automatically
Log Aggregation
For production satellite monitoring:
Migration from Console.log
Important: Replace all console.log statements with proper Pino logger calls to ensure consistent formatting and log level filtering.
Problem: Inconsistent Log Output
Solution: Use Proper Logger
Summary
- Use proper log levels for satellite operations
- Include satellite-specific context (satelliteId, teamId, serverId)
- Follow backend logging patterns for consistency
- Configure LOG_LEVEL via environment variables
- Use child loggers for persistent context
- Avoid console.log statements in favor of Pino logger
With proper log level configuration, the satellite service will have production-ready logging that scales from development to enterprise deployments, providing the observability needed for managing MCP servers and team isolation.